From e11367b255f988ba0cdead7568739180549f751d Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Tue, 22 Aug 2017 11:10:43 +0800 Subject: sthttpd: update to 2.27.1 * Fix CVE-2017-10671: Heap-based buffer overflow in the de_dotdot function in libhttpd.c * Update SRC_URI because the original site can not access. Signed-off-by: Yi Zhao Signed-off-by: Martin Jansa --- .../recipes-httpd/sthttpd/sthttpd_2.27.0.bb | 53 ---------------------- .../recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 53 ++++++++++++++++++++++ 2 files changed, 53 insertions(+), 53 deletions(-) delete mode 100644 meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.0.bb create mode 100644 meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.0.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.0.bb deleted file mode 100644 index 2125b24570..0000000000 --- a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.0.bb +++ /dev/null @@ -1,53 +0,0 @@ -SUMMARY = "A simple, small, portable, fast, and secure HTTP server" -DESCRIPTION = "A simple, small, portable, fast, and secure HTTP server (supported fork of thttpd)." -HOMEPAGE = "http://opensource.dyc.edu/sthttpd" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://src/thttpd.c;beginline=1;endline=26;md5=0c5762c2c34dcbe9eb18815516502872" - -DEPENDS += "base-passwd" - -SRC_URI = "http://opensource.dyc.edu/pub/sthttpd/sthttpd-${PV}.tar.gz \ - file://thttpd.service \ - file://thttpd.conf \ - file://init" - -SRC_URI[md5sum] = "f7dd2d506dc5fad2ad8794b1800d2634" -SRC_URI[sha256sum] = "97d660a881331e93818e872ce11536f461105d70a18dfc5de5895851c4b2afdb" - -S = "${WORKDIR}/sthttpd-${PV}" - -inherit autotools update-rc.d systemd - -SRV_DIR ?= "${servicedir}/www" - -# Note that `${sbindir}/makeweb' is installed setgid to this group, -# but ${SRV_DIR} is not installed chgrp'd to the group by default. -WEBGROUP ?= "www-data" - -do_configure_prepend () { - export WEBDIR=${SRV_DIR} - export WEBGROUP=${WEBGROUP} -} - -do_install_append () { - install -d ${D}${sysconfdir}/init.d - install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/thttpd - install -c -m 755 ${WORKDIR}/thttpd.conf ${D}${sysconfdir} - sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${sysconfdir}/init.d/thttpd - sed -i -e 's,@@SRVDIR,${SRV_DIR},g' ${D}${sysconfdir}/thttpd.conf - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/thttpd - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/thttpd.service ${D}${systemd_unitdir}/system - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_unitdir}/system/thttpd.service - sed -i 's!/var/!${localstatedir}/!g' ${D}${systemd_unitdir}/system/thttpd.service - sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${systemd_unitdir}/system/thttpd.service -} - -INITSCRIPT_NAME = "thttpd" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "thttpd.service" - -FILES_${PN} += "${SRV_DIR}" -FILES_${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb new file mode 100644 index 0000000000..c9fe55b489 --- /dev/null +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb @@ -0,0 +1,53 @@ +SUMMARY = "A simple, small, portable, fast, and secure HTTP server" +DESCRIPTION = "A simple, small, portable, fast, and secure HTTP server (supported fork of thttpd)." +HOMEPAGE = "http://opensource.dyc.edu/sthttpd" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://src/thttpd.c;beginline=1;endline=26;md5=0c5762c2c34dcbe9eb18815516502872" + +DEPENDS += "base-passwd" + +SRC_URI = "https://github.com/blueness/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \ + file://thttpd.service \ + file://thttpd.conf \ + file://init" + +SRC_URI[md5sum] = "3cda1b6c8c8542b1510eadb8e540d8b6" +SRC_URI[sha256sum] = "a1ee2806432eaf5b5dd267a0523701f9f1fa00fefd499d5bec42165a41e05846" + +S = "${WORKDIR}/sthttpd-${PV}" + +inherit autotools update-rc.d systemd + +SRV_DIR ?= "${servicedir}/www" + +# Note that `${sbindir}/makeweb' is installed setgid to this group, +# but ${SRV_DIR} is not installed chgrp'd to the group by default. +WEBGROUP ?= "www-data" + +do_configure_prepend () { + export WEBDIR=${SRV_DIR} + export WEBGROUP=${WEBGROUP} +} + +do_install_append () { + install -d ${D}${sysconfdir}/init.d + install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/thttpd + install -c -m 755 ${WORKDIR}/thttpd.conf ${D}${sysconfdir} + sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${sysconfdir}/init.d/thttpd + sed -i -e 's,@@SRVDIR,${SRV_DIR},g' ${D}${sysconfdir}/thttpd.conf + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/thttpd + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/thttpd.service ${D}${systemd_unitdir}/system + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_unitdir}/system/thttpd.service + sed -i 's!/var/!${localstatedir}/!g' ${D}${systemd_unitdir}/system/thttpd.service + sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${systemd_unitdir}/system/thttpd.service +} + +INITSCRIPT_NAME = "thttpd" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "thttpd.service" + +FILES_${PN} += "${SRV_DIR}" +FILES_${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" -- cgit v1.2.3-54-g00ecf